Be aware that by using components like Akeeba Backup you open your website
to potential vulnerabilities (Akeeba already had bugs that got many
websites hacked). If you still have to use it, remember to uninstall it
after restoring the backup.

Artur, I won't agree with your statement. Just because a piece of software
had a vulnerability some time ago, this doesn't mean that it can't be safe in
the future and that we shouldn't be using it. By the same logic, we
shouldn't use Joomla or any other software either. The current status of
Akeeba is safe and it's okay to use it, and the developers of Akeeba are
working hard to keep it that way.

But Artur's reply was:

Ask anyone who has knowledge about security, then let him look at the
Akeeba code and you will have your answer. Also, I have many client
stories about how Akeeba f.up a backup, which led them to data loss. It is
not safe to use it. Consider yourself warned.

Actually, Artur's claims come after another relatively recent conversation I had with a guy from a local hosting company, who also claimed that Akeeba is insecure, so they won't allow it on their servers.

Considering the popularity and widespread use of this extension (personally, I am installing it and using it on almost every site, as I found it very handy, and needless to say I have had no issues with it so far), I am wondering what is the case with Akeeba?

Is it safe? Should it be avoided? Are you aware of certain risks, or insecurities related to Akeeba?

@Artur Stępień, if you make remarks like "Every front-end backup system has at least 2 potential doors for attack. Human (human error) or software", motivate your remarks. You have not given any proof for this statement. Please post how and why you "think" these '2 potential doors' are opened by Akeeba Backup? Curious, Leo
– user7333, Nov 26 '15 at 16:17

4 Answers

In nine years we had a total of four security issues, only one being high priority. Even that one required advanced cryptanalytic skills to exploit. It only applied when an optional feature was enabled. We patched it in ALL versions of our software, even those unsupported for four years. The security release was publicized on our site, VEL and social media. The vulnerability report and POC came after a full month, giving you ample time to upgrade.

We follow the industry's best practices for security. Whenever a report comes in we work with the security researcher to understand the full details behind the attack vector, fix it at its core and put safeguards in place to ensure it will never happen again. These best practices are followed by the developers of operating systems, browsers and every piece of software you use out there.

As far as I know, that Artur character was the same troll attacking us on Twitter a few months ago. He does not like the idea of his clients having control over their backups. I can understand why he so passionately protects his business model interests, but his attacks on our company are out of line and all the way into defamation. I am seriously considering suing him, especially since he openly admitted that he does not know of any security issue in our software, right after he claimed it's "insecure"!!!

Thanks for taking the time to respond, Nikolas, and welcome to JSE. Akeeba is used by thousands, if not millions, of users and websites. It's good to keep things clear and grow the level of trust and safety within the community.
– FFrewin♦, Nov 26 '15 at 11:16

I second @FFrewin's comment ^^ I've also flagged Artur's answer to have it removed.
– Lodder, Nov 26 '15 at 11:19

Thanks a lot to Nicholas and all participating developers for Akeeba (and the other extensions). It made my daily work of transferring websites to client servers a lot easier, and even my clients were able to do backups on their own. <3
– Dennis Heiden, Dec 13 '15 at 17:00

Akeeba Backup is an extension for backup management. It is the industry standard, a JED TOP Rated and MOST Reviewed extension.

It has almost no interaction with the front-end site. If there were any vulnerability, it would be reported immediately and I am confident that the author would fix it in the shortest possible time.

Artur Stępień's answer in "How to transfer a joomla content to another server?" is basically a recommendation to avoid any backup extension... because they are "generally" insecure, and particularly he fails to include any real reference to a known vulnerability. So... you have to trust in Artur Stępień's opinion.

Disclaimer: I am an Akeeba customer and I have been installing Akeeba Backup and Admin Tools (for protection against hackers) on every site for as long as I can remember.